| CPC H04L 63/0876 (2013.01) [B60R 16/023 (2013.01); H04L 63/06 (2013.01)] | 17 Claims |
|
1. An electronic control unit (ECU) in a vehicle; comprising:
a first memory configured to store a plurality of virtual-ECUs (V-ECUs);
a processor configured to selectively run at least one of the plurality of V-ECUs;
a security peripheral configured to store, in a second memory, (i) a single key for generating message authentication codes (MACs), the single key shared by the plurality of V-ECUs for sending authorized messages, and (ii) a MAC Generate Allow List (MGAL), the security peripheral further configured to receive a MAC generation request from an identified V-ECU of the plurality of V-ECUs, wherein the MGAL comprises information relevant to an authentication policy, the information being sufficient to determine whether the identified V-ECU is permitted to send a message; and
a crypto engine coupled to the processor and configured to receive one or more shared secret keys used to verify MACs transmitted by other nodes,
wherein the security peripheral is configured to use the single key to generate a MAC authenticating the message when the identified V-ECU is permitted to send the message.
|